William R. Burrus, MBA
**** ******** ***** • Helotes, Texas 78023
*************@*******.***
Professional Profile
• 20+ years of Compliance, Operational, Financial, and IT Auditing Experience.
• Proven ability to identify, document and provide credible challenge of processes, risks, and controls. Experience defining and creating process and testing-based procedures.
• Proven ability to effectively work with multiple stakeholder groups and build positive relationships with key stakeholder contacts.
• Proven project management skills and ability to work under pressure while meeting tight deadlines.
• Strong knowledge of information security policies and standards and ability to translate those policies and standards into testing plans and requirements. Knowledge of the Risk Management framework and how it applies within the organization.
Professional Experience
Wells Fargo & Company, San Antonio, TX
Compliance Officer, (Jan 2020 – Present)
Serving as a Compliance Officer, I support Conduct Risk Oversight. I am responsible for the development of the monthly enterprise insider threat metrics and reporting package and associated procedures. Package includes monitoring, key indicator and risk appetite metrics pulled from data sources including cyber threat fusion, HR, information security, data loss prevention, compromised data, corporate security, and technology. Other responsibilities included:
• Provides oversight of Enterprise Functions with respect to execution effectiveness of conduct policies, monitoring and self-assurance activities, including escalation of risks and issues.
• Provides challenge, independent assessment, and advice with respect to Enterprise Function controls, and actions to address gaps in control design and effectiveness.
• Develops and implements oversight processes for ongoing monitoring of Enterprise Functions for conduct risks. Identifies areas for enhancements and efficiencies.
• Provides consultation and guidance to Enterprise Functions to support self-identification, assessment, escalation and monitoring of risks and issues.
• Monitors enterprise and business group reporting for trends and points of escalation related to conduct risk for Enterprise Function processes. This includes insider threat, internal fraud, sales practices, allegations and customer harm.
• Builds and develops strong engagement with key stakeholders, including Enterprise Function front line Business and Control Executives and Internal Audit teams to provide regular updates on status of conduct risk oversight and initiatives.
• Conducts and assists with ad hoc projects of key processes and programs as part of oversight responsibilities.
Wells Fargo & Company, San Antonio, TX
Operational Risk Consultant 4, (Aug 2016 – Jan 2020)
I began my career at Wells Fargo as an Operational Risk Consultant where I supported the Enterprise Functions Technology business group. In this role, I interpreted corporate, enterprise testing and validation (T&V), technology Self-Assurance policy and procedure, and appropriate technology frameworks to develop testing and continuous monitoring methods/procedures to assess application adherence with expected technology controls on an enterprise level. Other responsibilities included:
• Demonstrates operational risk knowledge, including the design of effective control processes, develops test requirements and tests the design and the controls for effectiveness within Enterprise Information Technology (EIT). Through the risk review and testing process, leverages risk management to identify and address potential problems before they occur, including developing testing procedures and process flows to identify key controls and risks and underlying gaps.
• Gathers and understands relevant evidence; tests controls; follows up with control owners/subject matter experts; and documents test results. In addition, participates in control walkthroughs, tracks status of activities; escalates issues to management and completes work within the deadlines.
• Manage and conduct compliance Business and risk-based testing of technology and information security controls. Review and interpret corporate and technology policy and procedure, collaborate with LOB and application management to understand, assess and document processes and obtain evidence, identify risks and key/primary controls for testing, create risk and policy-based test procedures, execute control testing procedures, identify the root cause of issues, and write/issue the final report. Conduct quality assurance reviews of completed testing packages.
• Through the risk review and testing process meets Risk, Regulatory and Compliance needs for better management and risk reduction with focus on remediation of critical applications.
• Performs lead tester role on all assignments, including five international-based resources, including training and coaching. Conduct quality assurance reviews of completed testing packages. Review and re-perform testing to assess completeness and accuracy, traceability, proper documentation, and adherence with Enterprise T&V and Technology Self-Assurance policies and procedures. Provide guidance and at times supervise team members to assist management with the completion of audit work.
• Responsible for communicating and reporting, as it relates to the review activity, end to end documentation and relationship build for the assigned line of testing. Thoroughly documents and write/oversee test work scope and summary, engagement reports, and supporting documentation.
• SHRP experience in review activities, and issue management platforms including setting up, documenting, reviewing and closing review activity and finding Work Papers and obtaining SHRP reports for planning and reporting purposes.
Valero Energy Corporation, San Antonio, TX
Audit Specialist, (Jun 2014 – May 2016)
Serving as an Audit Specialist, I supported Valero Energy Internal Audit services. My knowledge of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) model assisted in the evaluation of enterprise risk management, internal controls, and fraud deterrence. Other responsibilities included:
• Findings and recoveries each year amounted to over $1,500,000 that related to unsupported, unauthorized or overcharges to Valero.
• Reviewed legal contracts and understood the business processes related to contract compliance audits of Valero suppliers.
• Performed quantitative and qualitative analysis within Compliance and Operational Risk.
• Analyzed large volumes of data and reconciled data from different accounting/cost systems.
• Assisted in audit project planning, fieldwork and reporting including initial client interviews and preparation of audit planning memorandums.
• Performed risk assessments, planning, executing and leading financial audits.
Kforce Government Solutions, Inc. (KGS), Fairfax, VA
Senior IT Auditor, (Dec 2013 – Jun 2014)
Serving as a Senior IT Auditor, I supported the U.S. Army Medical Command with audit support services. My knowledge of the Control Objectives for Information and Related Technology (COBIT) methodology for performing information system (IS) control audits assisted in the evaluation of general controls and their impact on business process application controls. Other responsibilities included:
• Provided comprehensive testing, evaluation and reporting to support the internal control team and U.S. Army Medical Command headquarters.
• Developed project plans, work programs, evaluating system controls, documenting results, making recommendations, and communicating information to clients.
• Involved with detailed audits of information technology systems, interfaces and infrastructures to verify systems are secure and support the related applications or business processes.
• Examined records to ensure proper recording of transactions and compliance with applicable laws, agreements, and policies as well as continuously analyze business risk profiles and provide senior U.S. Army Command assurance that appropriate risk mitigation is taken.
St. Joseph Health System, Bryan, Texas
Senior Audit Consultant, (Jan 2013 – Nov 2013)
Serving as a Senior Audit Consultant, I worked with the compliance officer on the development of the annual work plan. I also collaborated with the Business Office team in monitoring compliance and submitted suggestions for compliance improvements. Other responsibilities included:
• Developed, initiated, maintained, and revised policies and procedures for the general operation of the Compliance Program and its related activities to prevent illegal, unethical, or improper conduct.
• Conducted IT, compliance, operational and financial audits, focusing on the health system’s programs, including external relationships with third-party vendors.
• Performed special projects and investigations, risk assessments, internal control consulting and process improvements.
• Developed enhanced auditing procedures to comply with changes in the regulatory environment.
• Managing audits from start to completion, including detailed walkthrough and mapping of key processes to identify key and primary controls, creating testing procedures and execution of tests of controls, identification and reporting of issues and discussions with hospital administrators.
• Examined accounting, statistical, safety, or operational records and processes and procedures in order to determine the reliability and effectiveness of financial and management control systems.
CHRISTUS Health, San Antonio, Texas
Audit Consultant, (Jan 2006–Dec 2012)
I served as an Audit Consultant. In this role, I fulfilled the following responsibilities:
• Supervised and executed compliance, operational, financial and information management audits.
• Performed fraud investigations related to billing activities in the Meditech environment.
• Analyzed and interpreted applicable healthcare policies and procedures to determine process requirements. Conducted walkthroughs to map and assess processes to identify relevant risks and mitigating controls. Assessed the design of key and primary controls. Developed and executed testing procedures to assess control performance and policy compliance. Communicated testing results and potential issues to line of business executives. Conducted root cause analysis of issues and consulted on corrective actions.
• Performed in-depth regulatory research of healthcare issues.
• Provide oversight of the development and execution of a risk-based testing approach for assigned audits.
• Led and executed audits with a focus on business processes and their supporting IT processes.
• Managed, coordinated, and facilitated each assigned fraud investigation audit.
CITIGROUP, San Antonio, Texas
Internal Auditor (Dec 2000–Dec 2005)
Serving as an Internal Auditor, my responsibilities included:
• Planned and performed compliance, financial, and operational audits that included detailed walkthroughs and flow charting of key processes to identify key risks and controls, development of test procedures for key controls, execution of testing, identification, and reporting of issues.
• Prepared and documented audit work performed to support audit findings.
• Prepared and communicated audit results and recommendations to senior management.
• Investigated and documented alleged fraud corporate-wide.
• Facilitated SOX testing and monitored company-wide SOX program.
Education and Certification
• Bachelor of Business Administration (BBA) – University of the Incarnate Word, San Antonio, Texas
• Master of Business Administration (MBA) – Our Lady of the Lake University, San Antonio, Texas
• Certified Information Systems Auditor (CISA) – Actively pursuing the certification
• Certified Fraud Examiner – Actively pursuing the certification
• Series 7 and 63 License – Inactive
Professional Affiliations
• Association of Certified Fraud Examiners (ACFE)
• ISACA